diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
index d5f6253e5594bdc5cfc9d9d54aec02789fcc5046..e9915f5d97b15193d37d585dbdfe3703c5c73709 100644
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
@@ -1,9 +1,11 @@
 package org.jeecg.modules.system.controller;
 
-import javax.servlet.http.HttpServletRequest;
-
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.util.SqlInjectionUtil;
 import org.jeecg.modules.system.mapper.SysDictMapper;
 import org.jeecg.modules.system.model.DuplicateCheckVo;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletRequest;
 
 /**
  * @Title: DuplicateCheckAction
@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
 public class DuplicateCheckController {
 
 @Autowired
- SysDictMapper sysDictMapper;
+ SysDictMapper sysDictMapper;
 
 /**
  * 校验数据是否在系统中是否存在
@@ -42,6 +42,10 @@ public class DuplicateCheckController {
 Long num = null;
 log.info("----duplicate check------:"+ duplicateCheckVo.toString());
+ //关联表字典(举例:sys_user,realname,id)
+ //SQL注入校验(只限制非法串改数据库)
+ final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
+ SqlInjectionUtil.filterContent(sqlInjCheck);
 if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
 // [2].编辑页面校验
 num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);